With more and more data breaches happening it is possible that your personal information and passwords are already compromised. If you have been lazy and reusing passwords (just like me until a while back) across multiple sites then it is good to check if your password is already compromised. It necessarily need not be one of your social media account or bank account that needs to be compromised for an attacker to get your credentials. If you have been reusing passwords across sites, it might be that one site where security is not given much importance for that gets breached, exposing your credentials to the attacker or anyone who has the breached data. Often hackers use this information to try and enumerate other sites, social network, bank logins to try and login assuming the behaviour of password reuse.
To check if you have been part of a data breach you can use the service haveibeenpwned. If you have been part of any data breaches, then it will show you the details. In addition to that, you can also use the Pwned Passwords list to check if the password that you use has been part of any data breaches. It’s good to change your password if you find yours in there. If you are worried about entering your password in haveibeenpwned site, the good thing is that it uses k-anonymity model, which means that your full password is not sent across the wire.
- Update your passwords on all sites that you use if you have been reusing passwords. If you don’t have much time to do this in one shot, you can do this incrementally as and when you next visit them.
- Make sure you have unique passwords for each of the site. A good password is one that you cannot remember. So if you are not using a Password Manager it’s a good idea to start using. If you don’t want to spend money on a password manager, you can always use a random password generator to generate one for you. Remembering that password might be hard, you could either write it down or save it in the browser (not that I am recommending it over getting a Password Manager, but better than reusing passwords).